Simple Random Interaction Designer

Security checks across malware telemetry and agentic risk

Overview

This skill is a small local randomizer for optional proactive chat messages, with disclosed but privacy-relevant use of available context sources when enabled.

Install this only if you want occasional proactive casual messages. Review which OpenClaw integrations are enabled, especially calendar, smart-home, traffic, market, news, and weather sources, because the skill may use them to make a message feel timely or context-aware.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly enables proactive outreach using sensitive or context-rich sources such as calendar, smart-home, weather, traffic, news, and market data, but it does not require any user-facing notice or consent cue before using that data in spontaneous messages. This creates a privacy and trust risk because users may receive messages derived from personal or ambient data without realizing those sources were consulted for outreach.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal